exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 42 RSS Feed

Files Date: 2014-09-25

Nucom ADSL ADSLR5000UN ISP Credential Disclosure
Posted Sep 25, 2014
Authored by Sebastian Magof

Nucom ADSL ADSLR5000UNv2 suffers from a remote credential disclosure vulnerability.

tags | exploit, remote, info disclosure
SHA-256 | da83a0d2bd47f65c4b82b5e8c00ad0d11927797bb63d8dd1c8dd3f69bcaf59b1
Mac OS X VMWare Fusion Root Privilege Escalation
Posted Sep 25, 2014
Authored by mubix, joev, Stephane Chazelas, juken | Site metasploit.com

This abuses the bug in bash environment variables (CVE-2014-6271) to get a suid binary inside of VMWare Fusion to launch our payload as root.

tags | exploit, root, bash
advisories | CVE-2014-6271
SHA-256 | f04f53cef923e1ebad417dccfb1f6d01ee754b3ddac0ef16fcb609fa3f055392
TOR Virtual Network Tunneling Tool 0.2.4.24
Posted Sep 25, 2014
Authored by Roger Dingledine | Site tor.eff.org

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).

Changes: Tor 0.2.4.24 fixes a bug that affects consistency and speed when connecting to hidden services, and it updates the location of one of the directory authorities.
tags | tool, remote, local, peer2peer
systems | unix
SHA-256 | 99b15c6858c04e93a31d3ae90dd69f5021faa2237da93a24fbd246f4f1670ad1
LibVNCServer 0.9.9 Remote Code Execution / Denial Of Service
Posted Sep 25, 2014
Authored by Open Source CERT, Nicolas Ruff

LibVNCServer versions 0.9.9 and below suffer from memory management handling, buffer overflow, and denial of service vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability
advisories | CVE-2014-6051, CVE-2014-6052, CVE-2014-6053, CVE-2014-6054, CVE-2014-6055
SHA-256 | 7119467df020792576889e8a01b9e775d65a326b0070c018b47a7524af569c5b
Cisco Security Advisory 20140924-nat
Posted Sep 25, 2014
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the Network Address Translation (NAT) feature of Cisco IOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper translation of IP version 4 (IPv4) packets. Cisco has released free software updates that address this vulnerability.

tags | advisory, remote, denial of service
systems | cisco
SHA-256 | 63ec1698c6f3c1763eb3e90238c8c14bb13ab2307119a50dc21da378dde9e0b4
Perl 5.20.1 Deep Recursion Stack Overflow
Posted Sep 25, 2014
Authored by Markus Vervier | Site lsexperts.de

A stack overflow was discovered when serializing data via the Data::Dumper extension which is part of Perl-Core. By using the "Dumper" method on a large Array-Reference which recursively contains other Array-References, it is possible to cause many recursive calls to the DD_dump native function and ultimately exhaust all available stack memory.

tags | exploit, overflow, perl
advisories | CVE-2014-4330
SHA-256 | 5739d0c214a552e16df8c1827940aaed394eeceffff1b5e158eb34f54598672a
Cisco Security Advisory 20140924-sip
Posted Sep 25, 2014
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device. To exploit this vulnerability, affected devices must be configured to process SIP messages. Cisco has released free software updates that address this vulnerability. There are no workarounds for devices that must run SIP; however, mitigations are available to limit exposure to this vulnerability.

tags | advisory, remote, protocol
systems | cisco, osx
SHA-256 | f38f520a86845654ee88d37dbd04daa74d66c5fde6e5c1c88e6b483ec7217fad
Cisco Security Advisory 20140924-dhcpv6
Posted Sep 25, 2014
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the DHCP version 6 (DHCPv6) server implementation of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper parsing of malformed DHCPv6 packets. An attacker could exploit this vulnerability by sending malformed DHCPv6 packets to be processed by an affected device. An exploit could allow the attacker to cause a memory leak and eventual reload of an affected device.

tags | advisory, remote, denial of service, memory leak
systems | cisco, osx
SHA-256 | e93171093b995dcfbce411a598dfdb3fd5744117c4e5f800cdb73e8f76d5a63c
All In One WP Security 3.8.2 SQL Injection
Posted Sep 25, 2014
Authored by High-Tech Bridge SA | Site htbridge.com

WordPress All In One WP Security plugin version 3.8.2 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
advisories | CVE-2014-6242
SHA-256 | a719c00b89342dc8c43e26900af10153fcbe37cf3ff5a29d9e9d752b29e03e85
bashedCgi Remote Command Execution
Posted Sep 25, 2014
Authored by Shaun Colley, Stephane Chazelas | Site metasploit.com

bashedCgi is a quick and dirty Metasploit module to send the BASH exploit payload (CVE-2014-6271) to CGI scripts that are BASH-based or invoke BASH, to execute an arbitrary shell command.

tags | exploit, arbitrary, shell, cgi, bash
advisories | CVE-2014-6271
SHA-256 | 917183304ff31e505f18d434fcc284d5fe270c928e0cc5e96231c14eabb1aae3
Cisco Security Advisory 20140924-mdns
Posted Sep 25, 2014
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - The Cisco IOS Software implementation of the multicast Domain Name System (mDNS) feature contains multiple vulnerabilities when processing mDNS packets that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.

tags | advisory, remote, denial of service, vulnerability
systems | cisco, ios
SHA-256 | dc4f1b039a8cc220f77322e33bf032ed370e94d2f117b6a264bed10e06e22b92
Cisco Security Advisory 20140924-metadata
Posted Sep 25, 2014
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Two vulnerabilities in the metadata flow feature of Cisco IOS Software could allow an unauthenticated, remote attacker to reload a vulnerable device. The vulnerabilities are due to improper handling of transit RSVP packets that need to be processed by the metadata infrastructure. An attacker could exploit these vulnerabilities by sending malformed RSVP packets to an affected device. A successful exploit could allow the attacker to cause an extended denial of service (DoS) condition. Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are not available.

tags | advisory, remote, denial of service, vulnerability
systems | cisco
SHA-256 | 86c86ce647dd4d86d2f4e897f5eaf3298c3d789c2a636de21ab0d0483a2c8e91
Cisco Security Advisory 20140924-rsvp
Posted Sep 25, 2014
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the implementation of the Resource Reservation Protocol (RSVP) in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker cause the device to reload. This vulnerability could be exploited repeatedly to ca use an extended denial of service (DoS) condition. Cisco has released free software updates that address this vulnerability.

tags | advisory, remote, denial of service, protocol
systems | cisco, osx, ios
SHA-256 | 122e365c878707d3cce528bd30d26500785e493a4517236096ff2341779bcca7
Telerik ASP.NET AJAX RadEditor Control 2014.1.403.35 XSS
Posted Sep 25, 2014
Authored by G. S. McNamara, Tyler Hoyle

Telerik ASP.NET AJAX RadEditor Control versions 2014.1.403.35 and 2009.3.1208.20 suffer from a persistent cross site scripting vulnerability.

tags | advisory, xss, asp
advisories | CVE-2014-4958
SHA-256 | c00ca1a36468d8069de3d09b942cd140f1aa6d4e521b6cead6b21e7289d8edea
HP Security Bulletin HPSBST03103
Posted Sep 25, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBST03103 - A potential security vulnerability has been identified with HP Storage Enterprise Virtual Array (EVA) Command View Suite. The vulnerability could be exploited to allow remote unauthorized access and disclosure of information. This OpenSSL vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some HP Software products. This bulletin notifies HP Software customers about products affected by the OpenSSL vulnerabilities. Note: OpenSSL vulnerabilities are vulnerabilities found in the OpenSSL product cryptographic software library product. This weakness potentially allows a Man in the Middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server. The impacted products appear in the list below are vulnerable due to embedding of OpenSSL standard release software. Revision 1 of this advisory.

tags | advisory, remote, vulnerability
advisories | CVE-2014-0224
SHA-256 | 882f09e4ae66f5476a8646fa21caa2060ff6252423c643fc39c47a7720edd173
Mandriva Linux Security Advisory 2014-182
Posted Sep 25, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-182 - Robert Scheck reported that Zarafa's WebAccess stored session information, including login credentials, on-disk in PHP session files. This session file would contain a user's username and password to the Zarafa IMAP server. Robert Scheck discovered that the Zarafa Collaboration Platform has multiple incorrect default permissions.

tags | advisory, php, imap
systems | linux, mandriva
advisories | CVE-2014-0103, CVE-2014-5447, CVE-2014-5448, CVE-2014-5449, CVE-2014-5450
SHA-256 | b2f5fd7e47dd9bc8959074a0564d784d915215f47c511bbd8081ec1d31fa3bac
Mandriva Linux Security Advisory 2014-181
Posted Sep 25, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-181 - An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications using performing LZO decompression on a compressed payload from the attacker. The dump package is built with a bundled copy of minilzo, which is a part of liblzo containing the vulnerable code.

tags | advisory, denial of service, overflow, code execution
systems | linux, mandriva
advisories | CVE-2014-4607
SHA-256 | 0f75b6891aae24693a8f4e99262c27b89e7e8729e07fcfea36107cd8471f1867
Mandriva Linux Security Advisory 2014-185
Posted Sep 25, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-185 - Libgadu before 1.12.0 was found to not be performing SSL certificate validation.

tags | advisory
systems | linux, mandriva
advisories | CVE-2013-4488
SHA-256 | 4b4385736d1070ac345613dce34804ddc6711899bec6f7f9e55d94b56fe3dd51
Mandriva Linux Security Advisory 2014-183
Posted Sep 25, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-183 - In phpMyAdmin before 4.2.9, by deceiving a logged-in user to click on a crafted URL, it is possible to perform remote code execution and in some cases, create a root account due to a DOM based XSS vulnerability in the micro history feature.

tags | advisory, remote, root, code execution
systems | linux, mandriva
advisories | CVE-2014-6300
SHA-256 | 1696f1ee65496e52f68751a5547aaee9e1f92d935118a6c145b08acaa2b51116
Debian Security Advisory 3032-1
Posted Sep 25, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3032-1 - Stephane Chazelas discovered a vulnerability in bash, the GNU Bourne-Again Shell, related to how environment variables are processed. In many common configurations, this vulnerability is exploitable over the network, especially if bash has been configured as the system shell.

tags | advisory, shell, bash
systems | linux, debian
advisories | CVE-2014-6271
SHA-256 | 7d7ff0314912c76766865251c1493b2d34d061b327ed6f9d10226a30e97312dd
Gentoo Linux Security Advisory 201409-09-1
Posted Sep 25, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201409-9 - A parsing flaw related to functions and environments in Bash could allow attackers to inject code. The unaffected packages listed in GLSA 201409-09 had an incomplete fix. Versions less than 4.2_p48-r1 are affected.

tags | advisory, bash
systems | linux, gentoo
advisories | CVE-2014-7169
SHA-256 | 7d34d7be6b922ed985830cc26b5e36adaa147f958aacdbc9a27f6e8fe28f550b
Slackware Security Advisory - bash Updates
Posted Sep 25, 2014
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New bash packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.

tags | advisory, bash
systems | linux, slackware
advisories | CVE-2014-6271
SHA-256 | 3d7981c8975006f49b5ad19b36029267c1636583968e19f0348fe0f6d92b8448
Slackware Security Advisory - mozilla-nss Updates
Posted Sep 25, 2014
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mozilla-nss packages are available for Slackware 14.0, 14.1, and -current to fix a security issue.

tags | advisory
systems | linux, slackware
SHA-256 | 75a5ec233c78a8c40f1c113cad473beb318b798a990321a19251fd7a15c550a1
Mandriva Linux Security Advisory 2014-189
Posted Sep 25, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-189 - Antoine Delignat-Lavaud, security researcher at Inria Paris in team Prosecco, reported an issue in Network Security Services libraries affecting all versions. He discovered that NSS is vulnerable to a variant of a signature forgery attack previously published by Daniel Bleichenbacher. This is due to lenient parsing of ASN.1 values involved in a signature and could lead to the forging of RSA certificates. The updated NSPR packages have been upgraded to the latest 4.10.7 version. The updated NSS packages have been upgraded to the latest 3.17.1 version which is not vulnerable to this issue. Additionally the rootcerts package has also been updated to the latest version as of 2014-08-05.

tags | advisory
systems | linux, mandriva
advisories | CVE-2014-1568
SHA-256 | 46a34a4e8012eab187a9e30838cea24c9c53c4b1295b48500f72627c1291a112
Mandriva Linux Security Advisory 2014-187
Posted Sep 25, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-187 - In cURL before 7.38.0, libcurl can be fooled to both sending cookies to wrong sites and into allowing arbitrary sites to set cookies for others. For this problem to trigger, the client application must use the numerical IP address in the URL to access the site. In cURL before 7.38.0, libcurl wrongly allows cookies to be set for Top Level Domains , thus making them apply broader than cookies are allowed. This can allow arbitrary sites to set cookies that then would get sent to a different and unrelated site or domain.

tags | advisory, arbitrary
systems | linux, mandriva
advisories | CVE-2014-3613, CVE-2014-3620
SHA-256 | b3f22c75a92b1ce4ae6784727ffb767952bc3783b07b4700c6e473764db78e78
Page 1 of 2
Back12Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close